Deeplinks Blog posts about Security

We were thrilled to hear today that Yahoo is carrying through a concerted effort to protect users across its sites and services by rolling out routine encryption in several parts of its infrastructure. The company's statement announced that, among other things, it now encrypts traffic between its data centers, makes secure HTTPS connections the default for some web sites, and has turned on encryption for mail delivery between Yahoo Mail and other email services that support it (like Gmail).

The NSA has seen the future of mass surveillance, and it appears they believe that the future lies in malware. Earlier this week, The Intercept reported on a series of slides and memos leaked by Edward Snowden describing the NSA's "more aggressive" approach to signals intelligence, which circumvents encryption such as web browsing via HTTPS and email using PGP, by installing spyware directly onto targets' computers.

As encryption has become more prevalent in online communications as a countermeasure against surveillance, attackers have sought to circumvent these measures by covertly installing malware on targeted computers that can log keystrokes, remotely spy on users with their own webcams, record Skype calls, and listen in on the computer’s built-in microphone. Sometimes the attacker is a criminal, such as the hacker who used a remote access tool (RAT) to take blackmail photos of Miss Teen USA. Sometimes the attacker is acting in support of a state, like the pro-Assad hackers whose malware campaigns against opposition supporters EFF has been tracking for the last two years. Sometimes the attacker is the government or a law enforcement agency.